Lost in the Fog: A New Ransomware Threat

June 7, 2024, 10:37 a.m.

Description

Arctic Wolf Labs began monitoring the deployment of a new ransomware variant called Fog in early May 2024. The attacks targeted organizations in the education and recreation sectors within the United States. Evidence suggests the threat actors gained initial access through compromised VPN credentials, then used credential dumping, lateral movement tools such as PsExec, and ransomware payloads capable of disabling defenses, encrypting data, and deleting backups. The actors appeared financially motivated, seeking rapid encryption and ransom payment rather than data exfiltration.

Date

Published: June 7, 2024, 10:34 a.m.
Created: June 7, 2024, 10:34 a.m.
Modified: June 7, 2024, 10:37 a.m.

Indicators


Attack Patterns

FoggyWeb - S0661

T1135

T1490

T1550

T1110

T1136

T1555

T1021

T1489

T1486

T1070

T1570

T1569

T1046

T1140

T1562

T1133

T1078

T1003

T1059

CVE-2024-4358

CVE-2024-1800

Additional Information

Education

United States of America